Computer Security Quiz 4
External devices such as firewalls cannot provide access control services.
False
Security labels indicate which system entities are eligible to access certain resources.
False
An access right describes the way in which a subject may access an object.
True
An auditing function monitors and keeps a record of user accesses to system resources.
True
Reliable input is an access control requirement.
True
__________ controls access based on comparing security labels with security clearances. a. MAC b. DAC c. MBAC d. RBAC
a. MAC
An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security, and to recommend any indicated changes in control, policy and procedures is a(n) __________.
audit
__________ is the traditional method of implementing access control. a. MAC b. MBAC c. DAC d. RBAC
c. DAC
__________ is verification that the credentials of a user or other system entity are valid. a. authorization b. adequacy c. audit d. authentication
d. authentication
__________ is the granting of a right or permission to a system entity to access a system resource. a. authentication b. monitoring c. control d. authorization
d. authorization
A __________ is an entity capable of accessing objects. a. owner b. group c. object d. subject
d. subject
Basic access control systems typically define three classes of subject: owner, __________ and world.
group
Role hierarchies make use of the concept of __________ to enable one role to implicitly include access rights associated with a subordinate role.
inheritance
__________ access control controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.
role-based
A __________ is a mapping between a user and an activated subset of the set of roles to which the user is assigned.
session
